CacheOS
CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow.CacheOS includes support for the HTTP CONNECT method, which can be used to tunnel arbitrary TCP connections through a HTTP request. This method is documented in detail in RFC 2817, where it is used to build up a generic mechanism for implementing Transit Layer Security (TLS) over HTTP.There have been some reports that CacheFlow proxies allow the misuse of this method. Upon initiating a connection to the vulnerable proxy, the outside party may submit a HTTP CONNECT request. This request can target an arbitrary machine inside the firewall, on an arbitrary port. For example, an outside party may request a connection to the internal mail server on port 25.
CacheOS
CacheOS
CacheOS
CacheOS
CacheOS
CacheOS
CacheOS
CacheOS
CacheOS
CacheOS
CacheOS
No comments:
Post a Comment